Security for web services in 9.0.3?
Hello all,
With regular Java Class Web Services, how do you declare logical security roles? Also, how do you declare method-level permissions based on those roles? Lastly, how about the security role mappings?
I am looking at http://otn.oracle.com/docs/products/ias/doc_library/903doc_otn/generic.903/a97681/security.htm
However, it does not mention anything about web services. Any help would be appreciated!
Thanks,
James
I am not sure it is possible to do what you want to do ... here are the two approaches you have:
1. When you publish a class the Web services publisher (either JDev or the Web Services Assembler tool), lets you wrap the class with an interface which becomes the available methods to the outside world. This is your first level of restriction regardless of authentication or authorization.
2. Then I can use constructs in the web.xml to map users of a specific URL pattern. Here, for example, is a sample for a class mypackage1.Class1 and its web.xml with BASIC authentication:
<web-app>
<description></description>
<servlet>
<servlet-name>mypackage1.Class1</servlet-name>
<servlet-class>oracle.j2ee.ws.StatelessJavaRpcWebService</servlet-class>
<init-param>
<param-name>class-name</param-name>
<param-value>mypackage1.Class1</param-value>
</init-param>
<init-param>
<param-name>interface-name</param-name>
<param-value>mypackage1.IClass1</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>mypackage1.Class1</servlet-name>
<url-pattern>/mypackage1.Class1</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>ws</web-resource-name>
<url-pattern>/mypackage1.Class1</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>BasicRole</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Enter a valid user</realm-name>
</login-config>
<security-role>
<role-name>BasicRole</role-name>
</security-role>
</web-app>
The crux of this method is the URL pattern ... once I match the URL pattern I will be subject to the security.
I also have to map from the orion-web.xml to the underlying authentication mechanism - here for example in the following I just use the default principals.xml, rather than working into JAAS and Oracle Internet Directory, where the users of BasicGroup might actually be defined:
<orion-web-app>
<security-role-mapping name="BasicRole">
<group name="BasicGroup"/>
</security-role-mapping>
</orion-web-app>
As the method is actually defined, assuming RPC, in the SOAP message that is posted, the URL pattern will not capture method level invocations.
Not sure this is what you are after but perhaps when you respond I will better understand where you want to go - the bottom line is that the Web services security is simply leveraging the Servlet model; it doesn't have method level security as say, for example, the underlying EJB model does.
Hope this helps.
Mike.
Similar Messages
-
An interview on security for Web services
In a recent interview with SDN, Sun technical product manager Sidharth Mishra answers these questions: What are web services and why are the data they transmit highly insecure? How do you protect the data interactions? What role does OpenSSO play?
See the related article at http://developers.sun.com/identity/reference/techart/webservices.html.In a recent interview with SDN, Sun technical product manager Sidharth Mishra answers these questions: What are web services and why are the data they transmit highly insecure? How do you protect the data interactions? What role does OpenSSO play?
See the related article at http://developers.sun.com/identity/reference/techart/webservices.html. -
Custom Token For web services security
How can I implement a token based security for web services? I will return a
custom token which contains a session-id among others after a JAAS
authnetication. I want to pass this token for every web service invokation.
I want the serverside EJB methods to be authorized based the roles in token.
Any ideas or pointers on the possible solutions?
Thanks,
VishHow can I implement a token based security for web services? I will return a
custom token which contains a session-id among others after a JAAS
authnetication. I want to pass this token for every web service invokation.
I want the serverside EJB methods to be authorized based the roles in token.
Any ideas or pointers on the possible solutions?
Thanks,
Vish -
Exception while accessing web service secure through web services Manager
Hi All,
I deployed sime Hello World web service on JWSDP1.6 and secure it through web service manager(gateway) using Certificate based security.But when I try to access this web service using JWSDP client,I got the following Error while monitoring the soap messages through TCP-Monitor:
/////////////////////////////////Request///////////////////////////////////////////////////////////////
POST /gateway/services/SID0003009 HTTP/1.1
Content-Type: text/xml; charset=utf-8
Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-Length: 5631
SOAPAction: ""
User-Agent: Java/1.5.0_05
Host: ivy.cs.ucl.ac.uk:8082
Connection: keep-alive
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://hello.org/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">eN9famBBWzHNUIwWRhMPktcM+VQ=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>MHjtgA4wOtvI1B+SuRVEmD07yE+jl6axd4XbJ0nvQ3EzSuVVoST9vHzURh+B47yj41187s8T+yjt
Bmpk9OB278Jghonkacv6r+q+LVlxRrQDudNGir7plzFeM6bUadMxf+FLgn5O0a44vU/tvy6V9+zi
yqFdhTvS21No/aW62No=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#XWSSGID-1155126003241-1198323932"/></xenc:ReferenceList></xenc:EncryptedKey><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-11551260018331598979688">MIIC3TCCAkagAwIBAgIBATANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzEMMAoGA1UECBMD
U0NBMQwwCgYDVQQKEwNTVU4xHjAcBgNVBAMTFWNlcnRpZmljYXRlLWF1dGhvcml0eTAeFw0wNjAz
MTkxMzQ5MDJaFw0xNjAzMTYxMzQ5MDJaMEcxCzAJBgNVBAYTAlVTMQwwCgYDVQQIEwNTQ0ExDDAK
BgNVBAoTA1NVTjEcMBoGA1UEAxMTeHdzLXNlY3VyaXR5LWNsaWVudDCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAzNDPKUz1MhUH1LsrLqXKxciOKSWeTrdoe/SVwe/4uy5eobAWSsSTposaOYFy
uxf3cGCCIs7u0jMAXLQ9jzobDbt9XQ4tXPoBzKKzS+yU6hDk2TcOCkioeT9A9db5LF8yevhwXKB4
AJ1Eh//Dp/djoonXCCxsxupQZp3ueRJrR98CAwEAAaOB1jCB0zAJBgNVHRMEAjAAMCwGCWCGSAGG
+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUECH05VC3/WGW
H4AGD6tnH0h+kFUweQYDVR0jBHIwcIAUdry1wGRZ2fyJSKisVSxpMEmIiaahTaRLMEkxCzAJBgNV
BAYTAlVTMQwwCgYDVQQIEwNTQ0ExDDAKBgNVBAoTA1NVTjEeMBwGA1UEAxMVY2VydGlmaWNhdGUt
YXV0aG9yaXR5ggkA4HaEvd6hq8YwDQYJKoZIhvcNAQEEBQADgYEA0RhOk67pCrO6MgZZGqrmAMW6
76fZowBxTKlFq88nrf8v1MUxV8H9wgbTDrwR0HtxY3TGpDFw2tNAww2pyDX/pQ2Wt46ichluGxjf
aEV53loKTOM7syAmlicWqViGzBfgzriIl918TzFaX9BD/Y55bKZQk057maBCSkUuFfF453s=</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse enc env ns0 xsd xsi"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#XWSSGID-1155126002593447652186"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>UJ1kuwI+WuF/RkrQpZrj1GvraLI=</ds:DigestValue></ds:Reference><ds:Reference URI="#XWSSGID-1155126002602761294100"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>sKG/z5OIGgqJ2nw7JtpXyJzr8pY=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>SBc65VTG1xpEkRUTz70H0fVGIgoBJ0QnNad0k07RMSfw4vG1WHJdt19R05pO2AvU5aoYuBSaguJe
ZGEjmWzw8mnSWKBi+zeDMeJiwgqwW6HHHX9P7JDslxuTIqoJIVUbSjUTSVz6ww8siIK65quXdkMT
ZzLfp7Cd0gBuA3EEZpg=</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-11551260025411896275738">
<wsse:Reference URI="#XWSSGID-11551260018331598979688" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1155126002602761294100"><wsu:Created>2006-08-09T12:20:02Z</wsu:Created><wsu:Expires>2006-08-09T12:20:07Z</wsu:Expires></wsu:Timestamp></wsse:Security></env:Header><env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1155126002593447652186"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="XWSSGID-1155126003241-1198323932" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><xenc:CipherData><xenc:CipherValue>XNqEzHNp47ILtOagAUNCXYkxOCWv4CjHqmZ7j6VKN/NO96ce4BsNSL6lKzqa9dPxHB1sTVGZQ8KA
COQ6DGwyWCP8ip+CU2hor3uUAml7nzHTx1LUw3Db+0p31VAT3EqKJA3aFy38GQrBTr9ojMOUA6tm
Cj71yucN3UCKRUl3RpE8qU68y7AwNxPsyAZeSa2AVm2cmWvSDZlxgMsx+JCEZaf3+D0o1zMp0Fxb
MSISPt/JrEolt1H5UM1AoFGU4QkckWrQNLPyEF9oxEgZ8oCE5U8v/YJwZIAHFrx67XfaLwQLjzXw
VPigsH9gLkfbP2BU8Vp31GsPwBZtUeNz9S35+CZPD7EiqoAB1QuAxZkJV7n00VChYH+scT64tNja
c81bcD8tf4sAr7toCMNDAU6+74+Qy0EyPqgwLtotDxErn4kF8e72cONMMQBQ91tQs+iI+D6C1I6+
f9UiSfgtm/MTuKQK1CRqarEtI9N6lpqVH8k7ulUwH/jFstihxmhMJ3aZY+qQgSwSs3pwSSim+e18
eR7dOEq4vG8ivKuGvTDO4sSV2RP/nL/3eXr0y7eM0kMFKwTUA4JqL4Y/l8Bo/rie/ZXkkbF6hwEu
dX1QmB0gf5k=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>
////////////////////////////////Response///////////////////////////////////////////////////////////////
HTTP/1.1 100 Continue
Server: Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)
Date: Wed, 09 Aug 2006 12:28:47 GMT
HTTP/1.1 500 Internal Server Error
Date: Wed, 09 Aug 2006 12:28:47 GMT
Server: Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)
Connection: Keep-Alive
Keep-Alive: timeout=15, max=100
Content-Type: text/xml
Transfer-Encoding: chunked
157
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode><faultstring>Step execution failed with an exception</faultstring><detail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
0
So basically, what I am doing here as follows:
HelloClient(using JWSPD1.6)->gateway(web service manager for securing the web service using message level security through certificate )->helloservice(deployed using JWSDP1.6)
I would appreciate if someone could tell me the cause of this errror.Thanks.
Kashiftime to look into the gateway logs as stated by the fault ..
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode><faultstring>Step execution failed with an exception</faultstring><detail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
looks like the cipher step might have failed -
I am new to web services so please pardon me if what I am asking is really dumb.....
I have created a simple PL/SQL web service using JDeveloper that I have published to an installation of 9iAS. My client is calling this URL directly passing the parameters in the URL and getting the SOAP message back. Everything works great.
Now I need to secure this somehow. This is an internal application, so I am not terribly concerned with security, but we do need something that will prevent somebody who stumbles across this URL to start using it.
I have read a lot of documentation on securing web services, but it all seems to be around creating clients, but I don't want a client, I just want to be able to call the URL directly from external systems programmatically.
One option is obviously to pass username / pw in as parameters and then validate this in PL/SQL, but this is obviously not very secure.
Another things I was thinking was to use the owa_util.get_cgi_env('REMOTE_ADDR') inside by PL?SQL function to get the IP Address of the client calling and then validate this to make sure this client is allowed to access the web service. This function returns ORA-06502. Does anybody know anything about how to get the IP address of the client calling? I know there are ways to limit access to certain IP addresses on the web server level, but this server is used for other things so I don’t want to do that.
Is there anything else I can do to secure a web service like this?
Any help is appreciated.More reading and code sample (see end of this post) of what is coming and what is possible today:
http://www.oracle.com/oramag/oracle/02-jul/index.html?o42special_web.html
http://otn.oracle.com/oramag/webcolumns/2003/techarticles/smith_wss.html
This article from Vipin Samar gives the state of WS-Security pretty accurately:
http://otn.oracle.com/tech/webservices/standards/Samar_Security.htm
Accompanying paper:
http://otn.oracle.com/tech/webservices/pdf/33206.pdf
And, this code sample/tutorial illustrates SSL with Web services:
http://otn.oracle.com/sample_code/tutorials/wspki/toc.htm
Mike. -
Security of Web Services, Agents and Sequantial Calling of Web Services
I want to ask about the secure invocation of web services and the role of agents.
Suppose that I have greet() web service:
public String greet() {
String S1=sayHello(); // A web service, actually its proxy
String S2=sayGoodMorning(); // A web service, actually its proxy
return S1+" "+S2;
It calls two other webservices and they return "HELLO" and "Good Morning". Also assume that I need to secure all my web services but I need these calls to work!
I put an agent in front of those two web services and require them to check a SAML token. I also attach an agent to greet() to authenticate the inbound and sign and add SAML token for outbound.
But I think these two calls fail because the SAML is not created on each call. (Is it?)
How can I make those two calls, secure each web service and at the same time keep the security code out of business code, in other words keep my web service security agnostic?
Thank you in advance.
Best Regards
FarbodAny Comments on this?
-
Use of security in web service
Hi,
I have tried to use security from the example jaas-sample of jwsdp 1.5 .
I just want to secure my web service with a username/password.
When I called my service from the client...I see the xml flow :
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>Ron</wsse:Username>
<wsse:Password>****</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3k18Sv+DMhcO3aoq6YWLB4xa</wsse:Nonce>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2005-03-01T15:26:05Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</env:Header>
<env:Body>
<ns0:getInformations/>
</env:Body>
</env:Envelope>
it seems to be correct but I have an exception :
Thread : main at 01 mars 2005 16:10:06,593 ERROR Error occured during retrieving informations
java.rmi.ServerException: JAXRPCSERVLET28 : Informations sur le port manquant
at com.sun.xml.rpc.client.StreamingSender._raiseFault(StreamingSender.java:497)
at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:294)
It works when I not use the security option (in wscompile) ...
Have you any idea for a solution?Hi,
I tried the xws-security samples and everything worked fine.
After editing the "java.security" according to the manual with:
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
After that change and a restart of the application server I get the same error message.
I copied the jar file "bcprov-jdk14-127.jar" from bouncycastle to the jre/lib/ext folder.
I will check further.
br
Dieter -
Secured Sybase Web Service with outside certificate authority
Hello,
I would like to use Secured Sybase Web Service with outside certificate authority, like Symantec. Could you let me know how I can create CSR for sending to Symantec? What other steps do I need to do?
Thanks,
Sudarat.Hello Jason,
Thanks for your reply. The certificate authority require the CSR file before issue a signed certificate. If this is a signed certificate for IIS web server, I can create CSR from IIS. But I cannot use a signed certificate created from CSR of IIS with Sybase Web Service. The below steps are what I have tried.
1. I use CreateCert.exe with /r parameter to create CSR and private key.
2. I sent CSR to a certificate authority and they send back a signed certificate.
3. I have to combine a signed certificate from #2 with private key created from #1. Then use that file to specify with -xs{https …when starting the service.
Are the above steps what I have to do? If so, do I need to redistribute createcert.exe to my customers who want to use my application and how? Why I cannot use the signed certificate created from CSR of IIS?
Thanks,
Sudarat. -
Implementing Security in web services developed using JAX WS approach
Hi ,
Our Organization has developed a Web service using JAX WS approach exposing EJB as EndPoint .This wsdl file URL is only used by third party companies that register with us (Means i want to say that this wsdl url is not world wide accessable).
Now we need to implement security for this service , please tell me what is the appropiate for doing so ??
Thank you in advance .
Waiting for your valuable suggestions .
Please help .You can implement message level security in many ways. Some of the ways are
SAML
Digital certificates etc
You may have to work with your vendor specific API to achieve this. Take a look at one case study.
http://www.ibm.com/developerworks/webservices/library/ws-security.html
You will find lot of articles on google to implement message level security however my recommendation would be to get in touch with security expert. -
Unable to call WSS (WS-Security) enabled Web Service using UTL_DBWS
We are attempting to call a WSS (WS-Security) enabled Web Service from PL/SQL using the UTL_DBWS package (see [http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/u_dbws.htm#CHDIDGJH] ). We are doing this in similar fashion to [http://www.oracle-base.com/articles/10g/utl_dbws10g.php] with calls to utl_dbws.create_service, utl_dbws.create_call and utl_dbws.invoke.
Using this method we can successfully call an unsecured Web Service, but calls to WSS-enabled Web Services fail. We are currently using Oracle Database 10.2.0.3.
The failure we are getting is:
ORA-29532: Java call terminated by uncaught Java exception: javax.xml.rpc.soap.SOAPFaultException:
com.sun.xml.wss.XWSSecurityException: Message does not conform to configured
policy ( AuthenticationTokenPolicy(S) ): No Security Header found;nested
exception is com.sun.xml.wss.XWSSecurityException:
com.sun.xml.wss.XWSSecurityException: Message does not conform to configured
policy ( AuthenticationTokenPlicy(S) ): No Security Header found
Apparently UTL_DBWS does not support calling WSS enabled services, although this doesn't appear to be an officially recognised position. Does anyone know if Oracle are planning to support this soon (if ever)? Looking at Re: Calling WS from PL/SQL using WS-security suggests that support has been considered before, but not yet realised.
Thanks,
TomHaving raised a Service Request with Oracle support on this, I got the following response from Oracle Development (On unpublished bug [8542959|https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=BUG&p_id=8542959]):
Development has confirmed that WS-Security is not supported through UTL_DBWS. They have also acknowledged that this is not documented and they will change the official Oracle documentation will reflect this fact. From what is being stated, it would appear that there is no plan to support the use of WS-Security through UTL_DBWS in any release in the near future.
So, in short, without developing your own home-grown SOAP request, there is no way to call a WSS enabled web service from within PL/SQL.
-Tom -
hi!!!
Could you pls point to any code example.
thanks
Pushpa
"Richard Berger" <[email protected]> wrote:
>
Manoj: Thanks for the answer - do you have or can you point me at any
code samples
that accomplish this? (Yes, .NET is limited to strings/ints in their
get/post
bindings).
Thanks so much!
RB
PS - Also, can you explain any apparent discrepancy between your answer
and what
the WL documentation stated (again, it may be my misunderstanding).
"manoj cheenath" <[email protected]> wrote:
WL 7.0 does allow you to access the web service through
the browser. It even allows you to invoke service methods
with complex type arguments (.Net only supports primitive
types) and also to view the request and response soap
message for the invocation.
regards,
-manoj
"Richard Berger" <[email protected]> wrote in message
news:[email protected]...
This might be a naive question, but according to the documentation,WL 7.0
does
not support http post/get bindings for web services. Thus, for meto
access a
web service, I need to write a "middle tier" of some sort (I used
the
automatically
generated Java proxy code and JSP). All works fine, but it seems
like
it
would
sure be nice to have HTML forms access web services without havingto
write a
middle tier.
NET does this and it is extremely useful - is there a reason that
BEA
chose not
to provide this feature? (e.g. is it architecturally unsound in anyway?
or is
there an easy way to simulate it?). Given some of the Web Workshoppositioning
re: ease of use and .NET comparison, this seems like an omission.
Any insights are greatly appreciated.
Enjoy,
RB
PS - Here's the info from the documentation
Web Services Description Language (WSDL) 1.1 Specification
WSDL is an XML-based language that describes Web services. WSDL definesWeb services
as a set of endpoints operating on messages; these message containeither
message-style
or RPC-style information. The operations and messages are describedabstractly
in WSDL, and then bound to a concrete network protocol and messageformat
to define
an endpoint. Related concrete endpoints are combined into abstractendpoints (services).
WSDL is extensible to allow the description of endpoints and theirassociated
messages regardless of what message formats or network protocols areused
to communicate,
however, the only bindings described in the specification describehow to
use
WSDL in conjunction with SOAP 1.1, HTTP GET/POST, and MIME.
Note: WebLogic Server supports only SOAP 1.1 bindings.
The WSDL 1.1 Specification is available at http://www.w3.org/TR/wsdl.This isn't a straight FORM Post as in the http binding support in WSDL. It posts
a soap message.
It's apparent that Workshop supports form-post and form-get.
But I dont see how it is done with straight WebLogic webservices. Does WebLogic
server read the web-services.xml or the WSDL file? I dont see a way to put in
http-post binding in the former and in the latter it seems to be ignored.
Can someone clarify.
Thanks.
Chu-chi
"manoj cheenath" <[email protected]> wrote:
Here is a live example:
http://65.193.192.35:7001/base/SoapInteropBaseService
Here is an example that you can download:
http://manojc.com/?sample2
This is how you run it:
http://manojc.com/?tutorial/doc/howtorun.html
More info can be found from the edocs:
7.0:
http://edocs.bea.com/wls/docs70/webserv/index.html
8.1:
http://edocs.bea.com/wls/docs81/webserv/index.html
Regards,
-manoj
http://manojc.com
"pushpa krishna" <[email protected]> wrote in message
news:[email protected]...
hi!!!
Could you pls point to any code example.
thanks
Pushpa
"Richard Berger" <[email protected]> wrote:
Manoj: Thanks for the answer - do you have or can you point me at
any
code samples
that accomplish this? (Yes, .NET is limited to strings/ints in their
get/post
bindings).
Thanks so much!
RB
PS - Also, can you explain any apparent discrepancy between your answer
and what
the WL documentation stated (again, it may be my misunderstanding).
"manoj cheenath" <[email protected]> wrote:
WL 7.0 does allow you to access the web service through
the browser. It even allows you to invoke service methods
with complex type arguments (.Net only supports primitive
types) and also to view the request and response soap
message for the invocation.
regards,
-manoj
"Richard Berger" <[email protected]> wrote in message
news:[email protected]...
This might be a naive question, but according to the documentation,WL 7.0
does
not support http post/get bindings for web services. Thus, for
me
to
access a
web service, I need to write a "middle tier" of some sort (I used
the
automatically
generated Java proxy code and JSP). All works fine, but it seems
like
it
would
sure be nice to have HTML forms access web services without havingto
write a
middle tier.
NET does this and it is extremely useful - is there a reason that
BEA
chose not
to provide this feature? (e.g. is it architecturally unsound in
any
way?
or is
there an easy way to simulate it?). Given some of the Web Workshoppositioning
re: ease of use and .NET comparison, this seems like an omission.
Any insights are greatly appreciated.
Enjoy,
RB
PS - Here's the info from the documentation
Web Services Description Language (WSDL) 1.1 Specification
WSDL is an XML-based language that describes Web services. WSDL
defines
Web services
as a set of endpoints operating on messages; these message containeither
message-style
or RPC-style information. The operations and messages are describedabstractly
in WSDL, and then bound to a concrete network protocol and messageformat
to define
an endpoint. Related concrete endpoints are combined into abstractendpoints (services).
WSDL is extensible to allow the description of endpoints and theirassociated
messages regardless of what message formats or network protocols
are
used
to communicate,
however, the only bindings described in the specification describehow to
use
WSDL in conjunction with SOAP 1.1, HTTP GET/POST, and MIME.
Note: WebLogic Server supports only SOAP 1.1 bindings.
The WSDL 1.1 Specification is available at http://www.w3.org/TR/wsdl. -
Why doesn't WL7.0 support get/post bindings for web services ...
This might be a naive question, but according to the documentation, WL 7.0 does
not support http post/get bindings for web services. Thus, for me to access a
web service, I need to write a "middle tier" of some sort (I used the automatically
generated Java proxy code and JSP). All works fine, but it seems like it would
sure be nice to have HTML forms access web services without having to write a
middle tier.
.NET does this and it is extremely useful - is there a reason that BEA chose not
to provide this feature? (e.g. is it architecturally unsound in any way? or is
there an easy way to simulate it?). Given some of the Web Workshop positioning
re: ease of use and .NET comparison, this seems like an omission.
Any insights are greatly appreciated.
Enjoy,
RB
PS - Here's the info from the documentation
Web Services Description Language (WSDL) 1.1 Specification
WSDL is an XML-based language that describes Web services. WSDL defines Web services
as a set of endpoints operating on messages; these message contain either message-style
or RPC-style information. The operations and messages are described abstractly
in WSDL, and then bound to a concrete network protocol and message format to define
an endpoint. Related concrete endpoints are combined into abstract endpoints (services).
WSDL is extensible to allow the description of endpoints and their associated
messages regardless of what message formats or network protocols are used to communicate,
however, the only bindings described in the specification describe how to use
WSDL in conjunction with SOAP 1.1, HTTP GET/POST, and MIME.
Note: WebLogic Server supports only SOAP 1.1 bindings.
The WSDL 1.1 Specification is available at http://www.w3.org/TR/wsdl.Manoj: Thanks for the answer - do you have or can you point me at any code samples
that accomplish this? (Yes, .NET is limited to strings/ints in their get/post
bindings).
Thanks so much!
RB
PS - Also, can you explain any apparent discrepancy between your answer and what
the WL documentation stated (again, it may be my misunderstanding).
"manoj cheenath" <[email protected]> wrote:
WL 7.0 does allow you to access the web service through
the browser. It even allows you to invoke service methods
with complex type arguments (.Net only supports primitive
types) and also to view the request and response soap
message for the invocation.
regards,
-manoj
"Richard Berger" <[email protected]> wrote in message
news:[email protected]...
This might be a naive question, but according to the documentation,WL 7.0
does
not support http post/get bindings for web services. Thus, for meto
access a
web service, I need to write a "middle tier" of some sort (I used theautomatically
generated Java proxy code and JSP). All works fine, but it seems likeit
would
sure be nice to have HTML forms access web services without havingto
write a
middle tier.
NET does this and it is extremely useful - is there a reason that BEAchose not
to provide this feature? (e.g. is it architecturally unsound in anyway?
or is
there an easy way to simulate it?). Given some of the Web Workshoppositioning
re: ease of use and .NET comparison, this seems like an omission.
Any insights are greatly appreciated.
Enjoy,
RB
PS - Here's the info from the documentation
Web Services Description Language (WSDL) 1.1 Specification
WSDL is an XML-based language that describes Web services. WSDL definesWeb services
as a set of endpoints operating on messages; these message containeither
message-style
or RPC-style information. The operations and messages are describedabstractly
in WSDL, and then bound to a concrete network protocol and messageformat
to define
an endpoint. Related concrete endpoints are combined into abstractendpoints (services).
WSDL is extensible to allow the description of endpoints and theirassociated
messages regardless of what message formats or network protocols areused
to communicate,
however, the only bindings described in the specification describehow to
use
WSDL in conjunction with SOAP 1.1, HTTP GET/POST, and MIME.
Note: WebLogic Server supports only SOAP 1.1 bindings.
The WSDL 1.1 Specification is available at http://www.w3.org/TR/wsdl. -
WSDL error during generation of ABAP proxy for web service
Hi friends,
I am getting error during the generation of ABAP proxy object for web service developed in .NET .
Error : Proxy generation terminated: WSDL error (<extension> not supported).
How to make this WSDL file compatible for ABAP proxy.
I have tried to edit WSDL file in XML Spy but did not get any option to replace/remove the tag <extention>.
If any one worked on this. Please help me its urgent.
Thanks and regards,
Shivanand.HI ,
I am having the same issue!!!
Does ABAP Proxy Generation support <extension> ?
Is there a list available of what is supported and what not (please consider I do not have access to sap notes)?
Thanks -
Can you suggest me what's best book for Web Services and XML to study? I'm planning to buy..
Thanks in advance..Why does it need to be the best one? What would that even mean? Just buy something reputable, like an O'Reilly book, it's not going to be so horrifically poor that you can't learn from it
-
How to activate trace for web services
Hi Experts,
How to activate trace for web services in SOAMANAGER.
We are not able to view the Payload trace of the error logs.
Can anyone please let me know how to go about this???
Regards,
AshwiniHi Ashwini,
The thread below might be useful to you:
[SOAMANAGER - Get the XML generated;
Regards, Trevor
Maybe you are looking for
-
SharePoint Foundation 2013 - Multi-tenant Install and OneDrive for Business with Yammer i
Hello, After installing SP Foundation 2013 (SP1) with Partitioned service applications we have noticed that while clicking on the "yammer and oneDrive" link the below error message comes up: _admin/yammerconfiguration.aspx any ideas?? http://technet.
-
Hi there, we're working with Adobe Designer 6.0 and we want prevent the user from printing. In the Layout Designer, there is a possibility to set permissions to the document, but if I activate the Form every settings are resetted. Any Information / N
-
Can't order replacement headphones because of location?
I have an ipod shuffle whose retail apple headphones stopped working. From everything i've read about this, all i need to do is go through the order replacement parts proccess and i can get a new pair. However, when i try to do it, it keeps saying th
-
Bluetooth Treo 650 Sync now works
I tried syncing my Palm Treo 650 with MBP 17" via Bluetooth since May with no success until the 10.4.7 update. I configured everything last month but connection failed due to " Port is already in use". So, after this update I tried connection vis Blu
-
I cant use my finger or pen on touchscreen.
I can use my touchpad/mouse, but when i try to use my touchscreen to draw or other things with my finger or pen, it doesnt work. If I click outside the box/layer and drag into it, it will work. How can I fix this? If it helps, I have a lenovo twist